6500 FWSM question

Discussion in 'Cisco' started by joe, Jul 11, 2003.

  1. joe

    joe Guest

    Hi,

    Is it possible to do the following :

    On one 6500 FWSM create the following static :

    External IP : 206.47.230.99
    Inside Address: 10.250.128.50

    On a second 6500 FWSM create the following static :

    Inside Address : 10.250.128.50
    DMZ Address : 172.16.15.15

    Basically 1 static externally translated to another static
    internally. Assuming that there were 2 paths (ISP's) available
    back out, would the above static mappings preserve the
    session. That is would the initial external address of
    206.47.230.99 be used to route back as well ?

    Thanks,
    Joe
     
    joe, Jul 11, 2003
    #1

    1. Advertisements

  2. joe

    Walter Roberson Guest

    : Is it possible to do the following :

    :On one 6500 FWSM create the following static :

    :External IP : 206.47.230.99
    :Inside Address: 10.250.128.50

    :On a second 6500 FWSM create the following static :

    :Inside Address : 10.250.128.50
    :DMZ Address : 172.16.15.15

    :Basically 1 static externally translated to another static
    :internally.

    :Assuming that there were 2 paths (ISP's) available
    :back out, would the above static mappings preserve the
    :session. That is would the initial external address of
    :206.47.230.99 be used to route back as well ?

    I'm confused about the way the two 6500's and the two ISPs are
    connected.

    If the Inside of the first 6500 is connected to the Inside of
    the second 6500, then Yes, packets on the DMZ of the second 6500
    that were addressed to 172.16.15.15 would become packets addressed
    to 206.47.230.99 on the way out.

    I would be concerned, though, about whether all dynamic protocols would
    work properly; I'm not certain at the moment that all the fixups apply
    when going from a higher security interface to a lower security
    interface, as would happen on your second 6500, Inside to DMZ.
    [e.g., I don't think the SMTP fixup applies to what would be
    considered -outgoing- email.]

    I don't see where the second ISP fits in to your question ??
     
    Walter Roberson, Jul 11, 2003
    #2

    1. Advertisements

  3. joe

    joe Guest

    Thanks for the reply. The two ISP paths are used for different
    traffic. We put HTTP on one pipe and other traffic on the other pipe.
    I just wanted to be sure that the inbound static would preserve its
    state when going back to the original request.

    -Joe
     
    joe, Jul 12, 2003
    #3

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. Catalyst 6500 Native IOS question

  2. Catalyst 6500 with firewall question

  3. FWSM and Vlans Question

  4. Cat 6500 to Cat 6500 and VLANs

  5. Catalyst 6500 [FWSM] [CSM]

  6. Help with NAT configuration on a Catalyst 6500 with no FWSM

  7. Failover problem with Firewall Service Modul (FWSM) Catalyst 6500

  8. Failover problem with Firewall Service Modul (FWSM) Catalyst 6500

Loading...